What is vRealize Network Insight?
VMware vRealize Network Insight delivers intelligent operations for software-defined networking and security. It helps customers build an optimized, highly-available, and secure network infrastructure across multi-cloud environments. It accelerates micro-segmentation planning and deployment, enables visibility across virtual and physical networks, and provides operational views to manage and scale VMware NSX deployments.
More information is available at https://docs.vmware.com/en/VMware-vRealize-Network-Insight/index.html
What is Network Insight?
VMware Network Insight is a VMware Cloud Service that offers the same capabilities as vRealize Network Insight. It provides visibility into the networking and security flows of your on-premises and cloud applications, and lets you monitor your NSX-based SDDC.
More information is available at https://docs.vmware.com/en/VMware-Network-Insight/index.html
How do I sign up for the Network Insight service?
When you sign up for a VMware Cloud service, or when someone invites you to join a service, you receive an email invitation containing a link that you use to sign up.
You sign up for VMware Cloud services with your VMware ID. If you do not have a Customer Connect account, you create one as you sign up.
Procedure:
If you have a VMware ID, follow the steps to sign up to VMware Cloud with your VMware ID credentials.
If you do not have a VMware ID, follow the steps to create your Customer Connect account, and sign up to VMware Cloud.
Log in to VMware Cloud with your VMware ID. If you are not redirected to the VMware Network Insight page, go to https://www.mgmt.cloud.vmware.com/.
Which outgoing traffic requires access through the firewall?
HTTPS port 443 must be open for outgoing traffic through the firewall to:
*.vmwareidentity.com
gaz.csp-vidm-prod.com
*.vmware.com
*.ni-onsaas.com
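An added example (not VMware code) that checks a collector's outbound CONNECT records against the four destinations and port listed above. It assumes a wildcard entry covers subdomains only; the log format, the 10.10.1.5 collector address and the tenant1/login/notvmware/example.net hostnames are constructed.

```python
import re

# Added example: the proxy log lines and the 10.10.1.5 collector address are constructed.
ALLOWED_PORT = 443
ALLOWED_HOSTS = ["*.vmwareidentity.com", "gaz.csp-vidm-prod.com",
                 "*.vmware.com", "*.ni-onsaas.com"]
CONNECT_LINE = re.compile(r"^\S+ CONNECT (\S+):(\d+)$")

def host_allowed(host, patterns=ALLOWED_HOSTS):
    """Match on DNS label boundaries so 'notvmware.com' never passes '*.vmware.com'."""
    host = host.strip().rstrip(".").lower()
    for pattern in patterns:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # keep the leading dot: ".vmware.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern:
            return True
    return False

def review_egress(log_text):
    """Return (host, port, reason) for each CONNECT outside the documented rule."""
    findings = []
    for line in log_text.splitlines():
        match = CONNECT_LINE.match(line.strip())
        if not match:
            continue  # not a CONNECT record
        host, port = match.group(1), int(match.group(2))
        if not host_allowed(host):
            findings.append((host, port, "host not in allowlist"))
        elif port != ALLOWED_PORT:
            findings.append((host, port, "port is not 443"))
    return findings

SAMPLE_LOG = """\
10.10.1.5 CONNECT www.mgmt.cloud.vmware.com:443
10.10.1.5 CONNECT gaz.csp-vidm-prod.com:443
10.10.1.5 CONNECT tenant1.ni-onsaas.com:443
10.10.1.5 CONNECT login.vmwareidentity.com:443
10.10.1.5 CONNECT notvmware.com:443
10.10.1.5 CONNECT vmware.com.example.net:443
10.10.1.5 CONNECT docs.vmware.com:8443
"""

if __name__ == "__main__":
    for finding in review_egress(SAMPLE_LOG):
        print(finding)
```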
Are any firewall rules required in the customer environment?
Management Gateway Firewall rule to allow the vRNI/NI collector to invoke NSX Manager APIs over HTTPS (443). A sample screenshot of the firewall rule is shown below:
Note: Although the rule above specifies the “Source” in the firewall rule as Any, it is recommended that a stricter criterion be specified for the “Source” so that only the collector VM can communicate with the proxy.
Compute Gateway rule within the Gateway Firewall to allow the collector to communicate with the on-prem Platform/NI.
Note: Although the rule above specifies the “Source” in the firewall rule as Any, it is recommended that a stricter criterion be specified for the “Source” so that only the collector VM can communicate with the proxy.
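An added example (not part of the original FAQ) that audits exported gateway firewall rules for the condition both notes warn about: an HTTPS allow rule whose source is Any or wider than the collector VM. The rule and group data are constructed, the collector address 10.10.1.5 and group paths are hypothetical, and the field names (source_groups, services, action) are assumed to follow the NSX Policy API rule object.

```python
import ipaddress

# Added example: rule and group data are constructed; field names follow the
# NSX Policy API rule object (source_groups, services, action) as an assumption.
COLLECTOR_IPS = {"10.10.1.5"}            # hypothetical collector VM address
HTTPS = "/infra/services/HTTPS"
GROUPS = {                               # constructed group path -> members
    "/infra/domains/mgw/groups/collector": ["10.10.1.5"],
    "/infra/domains/mgw/groups/mgmt-subnet": ["10.10.1.0/24"],
}
RULES = [
    {"display_name": "collector-any", "source_groups": ["ANY"],
     "services": [HTTPS], "action": "ALLOW"},
    {"display_name": "collector-subnet", "action": "ALLOW", "services": [HTTPS],
     "source_groups": ["/infra/domains/mgw/groups/mgmt-subnet"]},
    {"display_name": "collector-only", "action": "ALLOW", "services": [HTTPS],
     "source_groups": ["/infra/domains/mgw/groups/collector"]},
]

def source_too_broad(rule, groups=GROUPS, collectors=COLLECTOR_IPS):
    """Return why the rule admits sources other than the collector, or None."""
    allowed = {ipaddress.ip_address(ip) for ip in collectors}
    for path in rule["source_groups"]:
        if path.upper() == "ANY":
            return "source is Any"
        if path not in groups:
            return f"unresolved source group {path}"
        for member in groups[path]:
            net = ipaddress.ip_network(member, strict=False)
            if net.num_addresses != 1 or net.network_address not in allowed:
                return f"{member} admits hosts other than the collector"
    return None

def audit(rules):
    """Map rule name -> finding for every HTTPS ALLOW rule with a loose source."""
    findings = {}
    for rule in rules:
        if rule["action"] != "ALLOW" or HTTPS not in rule["services"]:
            continue
        reason = source_too_broad(rule)
        if reason:
            findings[rule["display_name"]] = reason
    return findings

if __name__ == "__main__":
    for name, reason in audit(RULES).items():
        print(f"{name}: {reason}")
```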
What roles/permissions are required for a user adding VMC data sources?
For VMC vCenter:
Note: The user needs to have the Cloud Admin role in order to enable DFW IPFIX on VMC Policy Manager. A user with the Cloud Auditor role has read-only privileges and would not be able to perform tasks like enabling/disabling DFW IPFIX.
Unable to get data due to a wrong/mismatched configuration of NSX Manager and vCenter
If an incorrect VMC NSX Manager is configured with a VMC vCenter, critical data required for Flows and Topology to function correctly will be missing. In such cases, the remediation is to delete the incorrectly added VMC NSX Manager data source and add a new VMC NSX Manager data source using the correct VMC vCenter and NSX Manager.
Unable to enable DFW IPFIX?
Depending on whether vRNI/NI can enable DFW IPFIX on Policy Manager with the given user, the following error messages can appear.
1) No new collectors can be added.
VMC Policy Manager allows only 4 collectors to be added to its DFW IPFIX Collector Profile. This error will be seen when the existing DFW IPFIX Collector Profile already has 4 collectors added to it.
2) Provided user does not have the required role. Only users with the following role can enable IPFIX: Cloud Administrator.
Only the above-mentioned role in VMC can perform a write operation on VMC Policy Manager. Enabling DFW IPFIX on Policy Manager requires adding or updating the DFW IPFIX Profile or the DFW IPFIX Collector Profiles on Policy Manager, so the user must have write permissions.
How to obtain CSP refresh token for NSX Manager?
Step 1: Log in to your VMware Cloud Services console.
Step 2: Click on VMware Cloud on AWS in My Services.
Step 3: Click on the desired SDDC name.
Step 4: Click on the Support tab. Note the NSX Manager IP shown on the page.
Step 5: Click on the present at the top right corner of the screen.
Step 6: Now click on the API Tokens tab and copy the Refresh Token. Refresh tokens have a lifetime of 6 months, and their lifecycle tracking is outside the scope of vRNI/NI.
How to obtain credentials for vCenter?
Step 1: Log in to your VMware Cloud Services console.
Step 2: Click on VMware Cloud on AWS in My Services.
Step 3: Click on the desired SDDC name.
Step 4: Click on the Settings tab.
Step 5: Click on the vCenter FQDN to get the vCenter FQDN. Click on Default vCenter User account to find the User Name and Password. Click on the icon to copy the Password / User Name to the clipboard. Note the FQDN, Username and Password. These will be required to add the data source in vRNI/NI.